I feel I should introduce myself before I actually make a comment on the matter. My name is Matthew and I'm a GSoC applicant who is relatively new to Haiku.

I've been following the conversation for the last few days and feel that it's premature to introduce any signed packaging into Haiku. In particular, the open source schema seems to almost reject the idea of any centralized control over the source code. This modularity is one of the real powers of open source projects and part of what makes Haiku so powerful. This modularity must be brought to a certain point before it can resemble being centralized. Haiku is close, but I would argue isn't cohesive enough to truly capture this unification.

That being said, signed packages help ensure a level of authenticity for those who are casually exploring Haiku and want to ensure they're getting the best Haiku has to offer. That being said, I don't believe that Haiku has the ability to validate this user experience to the degree that those looking for signed packages would want, so it comes down to a security issue. Because of the current stage of the project and the direction that Haiku is going ("Haiku is a fast, efficient, simple to use, easy to learn...") security on this level shouldn't be addressed until we've met all of these design goals.

Apologies if some of this stuff has been said before,
Matthew Getch

On Fri, Mar 28, 2014 at 10:46 AM, Stephan Aßmus <superstippi@xxxxxx> wrote:

> On 28.03.2014 15:28, Jonathan Schleifer wrote:
>
>> On 28.03.2014 at 04:00, waddlesplash <ajcsweb@xxxxxxxxx> wrote:
>>
>>> Let me be frank here: I am not opposed to signed packages. I am
>>> opposed to too much paranoia. Simple signed packages, as in "I
>>> guarantee this is in the state X Corp created it in" and not
>>> "Haiku, Inc tested this and verified that it both comes from X Corp
>>> and is virus-free." The first is good, the second is paranoia IMO.
>>
>> Actually, that's exactly what I said. I proposed to not sign it by
>> Haiku, Ingo proposed to be able to sign keys with other keys, e.g.
>> with a Haiku Inc. Key. The latter means Haiku would need to verify it
>> - which it can't.
>
> It can't verify that the software contains no viruses or backdoors. That's
> not what this is about however, it's about verifying the authenticity of the
> entity requesting a certificate. Which Haiku Inc. may be able to do on a
> case by case basis. It would be in addition to other trusted certificate
> authorities installed on the system. That was the whole point of the
> argument about which certificate format to go with. To enable that feature.
>
> As an aside, have you ever gone through the process of obtaining a
> certificate for signing Windows software? From COMODO for example? Or to
> register an Apple ID and obtain a certificate? I am pretty sure that Haiku
> Inc. would have no problem doing the same level of verification.
>
> But maybe I am misunderstanding you, since in your other mail you seem to
> fully agree.
>
> Best regards,
> -Stephan